Cast of characters

In your house:
- your laptop (that you use to look at cats)
- your home router (knows how to do networking)

Computers you'll talk to:
- the jvns.ca server (has cat pictures)
- the DNS server (knows which server hosts jvns.ca)

In the middle:
- intermediate routers on the internet (they pass along the packets you're downloading)

Thanks for reading!

If you want to know more about networking:

- make network requests! Play with it.

- Beej's Guide to Network Programming is a useful & funny guide to the socket API on Unix systems.
  -> beej.us/guide/bgnet

- High Performance Browser Networking is a fantastic and practical guide on what you need to know about networking to make fast websites. You can read it for free at:
  -> hpbn.co

Thanks to Kamal Marhubi, Chris Kanich, and Ada Munroe for reviewing this!
the packet

All data is sent over the internet in packets. A packet is a series of bits (01101001...) and it's split into sections (aka "headers").

Here's what a UDP packet that says "mangotea" looks like. It's 50 bytes (400 bits) in all!








"Julia, I don't understand this diagram."

"We are going to work on explaining it!"








Ethernet frame header: 14 bytes (112 bits)
  | destination MAC addr | source MAC addr | type |

IP header: 20 bytes (160 bits). This tells routers what IP to send the packet to.
  | ... | TTL | ... | source IP address | destination IP address |

UDP header: 8 bytes (64 bits). (A TCP packet would have a TCP header instead here.)
  | source port | destination port | length | checksum |

Contents: 8 bytes (64 bits). The packet's "contents" go here. ASCII characters are 1 byte, so "mangotea" takes 8 bytes.

14 + 20 + 8 + 8 = 50 bytes.
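To make the byte layout above concrete, here is an added Python example (not code from the zine) that builds exactly this 50-byte frame with the struct module and then parses it back, checking the IP header checksum and the length fields the way a careful receiver should, so that a truncated or corrupted frame is rejected instead of silently parsed. The MAC addresses, the laptop address 192.168.1.10 and both port numbers are made up for the example; 104.28.7.94 is the jvns.ca address the zine uses.

```python
from __future__ import annotations
import socket
import struct

# Constructed sample addresses (not from the zine): the laptop sends from port 4000 to jvns.ca port 53.
SRC_MAC = bytes.fromhex("aabbccddeeff")   # made-up laptop MAC
DST_MAC = bytes.fromhex("112233445566")   # made-up home-router MAC
SRC_IP, SRC_PORT = "192.168.1.10", 4000
DST_IP, DST_PORT = "104.28.7.94", 53

ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; a header with a correct checksum sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp_frame(payload: bytes) -> bytes:
    """Ethernet (14 bytes) + IPv4 (20 bytes) + UDP (8 bytes) + payload: the layout in the diagram."""
    udp_len = 8 + len(payload)
    # UDP: source port, destination port, length, checksum (0 = "no checksum", which IPv4 permits)
    udp_header = struct.pack("!HHHH", SRC_PORT, DST_PORT, udp_len, 0)
    # IPv4: version/IHL, TOS, total length, ID, flags/fragment offset, TTL, protocol, checksum, src, dst
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0x1234, 0x4000, 64, PROTO_UDP, 0,
                            socket.inet_aton(SRC_IP), socket.inet_aton(DST_IP))
    ip_header = ip_header[:10] + struct.pack("!H", ip_checksum(ip_header)) + ip_header[12:]
    eth_header = DST_MAC + SRC_MAC + struct.pack("!H", ETHERTYPE_IPV4)
    return eth_header + ip_header + udp_header + payload


def parse_udp_frame(frame: bytes) -> dict:
    """Walk the headers back out, refusing frames whose length fields don't agree with the bytes present."""
    if len(frame) < 14 + 20 + 8:
        raise ValueError("frame too short for Ethernet + IPv4 + UDP headers")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    ihl = (frame[14] & 0x0F) * 4                        # IP header length in bytes (20 without options)
    ip_header = frame[14:14 + ihl]
    (_, _, total_len, _, _, ttl, proto, _, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip_header[:20])
    if proto != PROTO_UDP:
        raise ValueError("not a UDP packet")
    if total_len > len(frame) - 14:
        raise ValueError("IP total length claims more bytes than the frame carries")
    udp = frame[14 + ihl:14 + total_len]
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", udp[:8])
    if udp_len != len(udp):
        raise ValueError("UDP length field disagrees with IP total length")
    return {
        "ttl": ttl,
        "src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst),
        "src_port": src_port, "dst_port": dst_port,
        "ip_checksum_ok": ip_checksum(ip_header) == 0,  # a corrupted header no longer sums to zero
        "payload": udp[8:],
    }


if __name__ == "__main__":
    frame = build_udp_frame(b"mangotea")
    print(len(frame), "bytes,", len(frame) * 8, "bits")
    print(parse_udp_frame(frame))
```

The two length checks are the part worth copying: a parser that trusts the length a packet claims for itself, rather than the bytes it actually received, is how a lot of packet-handling code ends up reading past the end of a buffer.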


SSL/TLS

(TLS: newer version of SSL)

When you send a packet on the internet, LOTS of people can potentially read it. It's unencrypted.

  someone in the middle: "Hmmm. That person is sending email with pie recipes."

SSL encrypts your packets:

  old packet:       to: IP address + port, from: IP address + port, contents: "here is my secret lemon pie recipe"
  encrypted packet: the "to" and "from" IP address + port stay the same, contents: unreadable ciphertext

  someone in the middle: "I can't read the pie recipe NOW!"

Only the contents are encrypted. Anyone on the path can still see which IP address and port you're talking to, and roughly how much you send.


What happens when you go to https://jvns.ca (very simplified):

  server -> client: "here's my SSL certificate"
  server -> client: "here's my half of the key exchange"
  client -> server: "here's my half of the key exchange"

Once the client and server agree on a key for the session, they can encrypt all the communication they want.

The certificate step is what stops someone in the middle from doing the key exchange with you instead of the real server: the client has to check that the certificate was issued by a CA it trusts and that it's for the hostname it asked for (jvns.ca). A client that skips those checks gets an encrypted connection, just not necessarily to jvns.ca.

To see the certificate for jvns.ca, run:

$ openssl s_client -connect jvns.ca:443 -servername jvns.ca

TLS is really complicated. You can use a tool like SSL Labs to check the security of your site.
DNS

Get the IP address for jvns.ca

All networking happens by sending packets. To send a packet to a server on the internet, you need an IP address, like 104.28.7.94.

jvns.ca and google.com are domain names. DNS (the "Domain Name System") is the protocol we use to get the IP address for a domain name.

  laptop -> DNS server: "what's the IP of jvns.ca?"
  DNS server -> laptop: "104.28.7.94"

The DNS request & response are both usually UDP packets.

When you run $ curl jvns.ca/cat.png:

  1. curl calls the getaddrinfo function with "jvns.ca"
  2. getaddrinfo finds the system DNS server (like 8.8.8.8)
  3. getaddrinfo makes a DNS request to 8.8.8.8
  4. IP address obtained: 104.28.7.94

Your system's default DNS server is often configured in /etc/resolv.conf.

8.8.8.8 is Google's DNS server, and lots of people use it. Try it if your default DNS server isn't working!


How packets get sent across the ocean

  laptop: "I have a packet for 104.28.7.94, but how do I get it through all these routers?"

  your laptop -> home router -> routers -> cable -> routers -> 104.28.7.94

When a packet arrives at a router, there are several possible next steps, and the router has to decide: where will the packet go NEXT?

Routers use a protocol called BGP to decide what router the packet should go to next.

A packet can take a lot of different routes to get to the same destination!

The route it takes to get from A->B might be different from B->A.

Exercise:

Run traceroute google.com to see what steps your packet takes to get to google.com.
let's make DNS requests

When you're setting up DNS for a new domain, often this happens:

  you: "what's the IP for my new domain?"
  DNS server: "I don't know."

Here's how you can make DNS queries from the command line to understand what's going on:

$ dig jvns.ca

;; ANSWER SECTION:
jvns.ca.    268    IN    A    104.28.6.94
jvns.ca.    268    IN    A    104.28.7.94

;; SERVER: 127.0.1.1#53

  268: this record expires after 268 seconds (the TTL)
  A: this record is an IP address
  SERVER: the DNS server I'm using

There can be lots of IP addresses for one domain.

$ dig @8.8.8.8 jvns.ca

8.8.8.8 is Google's recursive DNS server. @8.8.8.8 queries that instead of the default.

$ dig +trace jvns.ca

.           502441  IN  NS  h.root-servers.net.      <- root DNS server
ca.         172800  IN  NS  c.ca-servers.net.        <- .ca DNS server
jvns.ca.    86400   IN  NS  art.ns.cloudflare.com.   <- jvns.ca's DNS server
jvns.ca.    300     IN  A   104.28.6.94

These are the 3 authoritative servers a recursive DNS server has to query to get an IP for jvns.ca.

dig +trace basically does the same thing a recursive DNS server would do to find your domain's IP.
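What dig is doing on the wire is building a small UDP payload and reading one back. Here is an added Python example (not code from the zine) that builds the same A query by hand, and parses a response shaped like the `dig jvns.ca` answer above, including the name-compression pointers real servers use. It does the two checks a resolver must do before believing an answer: the transaction ID has to match the one we sent (an unpredictable ID is what makes it hard for an attacker to land a spoofed reply, since UDP has no handshake), and compression pointers may only point backwards, so a hostile packet can't send the parser in a loop. The sample response bytes are constructed inline so the example runs offline; `resolve_over_udp` sends the same query to a real server (8.8.8.8 by default) if you have network access. All function names here are the example's own.

```python
from __future__ import annotations
import secrets
import socket
import struct
from typing import Optional

QTYPE_A, QCLASS_IN = 1, 1


def build_dns_query(name: str, txid: Optional[int] = None) -> bytes:
    """A DNS query packet: 12-byte header, then the question (encoded name, QTYPE, QCLASS)."""
    if txid is None:
        txid = secrets.randbelow(0x10000)        # unpredictable ID: spoofed answers must guess it
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags 0x0100 = "recursion desired"
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def read_name(msg: bytes, offset: int) -> tuple[str, int]:
    """Decode a possibly-compressed name. Returns (name, offset just past the name in the message)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                                   # pointer to an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2                                     # only the first pointer ends the field
            jumped, hops = True, hops + 1
            if hops > 16 or pointer >= offset:
                raise ValueError("bad compression pointer")          # no forward pointers, no loops
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def parse_dns_response(msg: bytes, expected_txid: int) -> list[dict]:
    """Return the answer records, refusing anything that isn't a successful reply to our own query."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch (not an answer to our query)")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    if flags & 0x000F:
        raise ValueError("server returned rcode %d" % (flags & 0x000F))
    offset = 12
    for _ in range(qdcount):                      # skip the echoed question(s)
        _, offset = read_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(ancount):
        name, offset = read_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated record")
        offset += rdlen
        record = {"name": name, "type": rtype, "ttl": ttl}
        if rtype == QTYPE_A and rclass == QCLASS_IN and rdlen == 4:
            record["address"] = socket.inet_ntoa(rdata)
        answers.append(record)
    return answers


def sample_response(query: bytes) -> bytes:
    """Constructed reply shaped like the `dig jvns.ca` answer above: two A records, TTL 268."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 2, 0, 0)  # QR, RD, RA set; 1 question, 2 answers
    question = query[12:]

    def a_record(ip: str) -> bytes:   # 0xC00C = pointer to the name at offset 12 (inside the question)
        return struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, 268, 4) + socket.inet_aton(ip)

    return header + question + a_record("104.28.6.94") + a_record("104.28.7.94")


def resolve_over_udp(name: str, server: str = "8.8.8.8", timeout: float = 3.0) -> list[dict]:
    """Send the query to a real recursive server (needs network). Same idea as `dig @8.8.8.8 name`."""
    query = build_dns_query(name)
    txid = struct.unpack("!H", query[:2])[0]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        data, _ = sock.recvfrom(4096)
    return parse_dns_response(data, txid)


if __name__ == "__main__":
    q = build_dns_query("jvns.ca", txid=0xBEEF)
    for rec in parse_dns_response(sample_response(q), 0xBEEF):
        print(rec)
```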

















UDP

user datagram protocol

DNS sends requests using UDP. UDP is a really simple protocol (you could call it the "unreliable datagram protocol", though that's not what it stands for). The packets look like this:

  IP stuff
  UDP header: | source port | destination port | length | checksum |
  packet contents

When you send UDP packets, they might arrive:
- out of order
- never

but UDP won't do anything to help you.

There's also no handshake, so the source IP address on a UDP packet is whatever the sender wrote in it. A server can't assume a UDP packet really came from where it claims.

Packet sizes are limited, so you need to decide how to organize your data into packets manually:

  "I'm gonna put 3000 characters in this packet."
  "Nope, that won't fit. 1500 bytes is probably a better size."
  "Ok, 623 bytes in this packet, 747 bytes in that one..."

Packet sizes are actually a super interesting topic. Search "MTU".

VPNs use UDP:

  you: "hi, I want to talk to 12.12.12.12"
  VPN server: "stuff all your data into UDP packets, send them to me, and I'll pass them along."

Streaming video often uses UDP.

Read http://hpbn.co/webrtc for a GREAT discussion of using UDP in a real-time protocol.
TCP: how to reliably get a cat

Step 3 in our plan is "open a TCP connection!"

Let's learn what this "TCP" thing even is.

TCP lets you send a stream of data reliably, even if packets get lost or sent in the wrong order.

When you send a packet, sometimes it gets lost.


how to know what order the packets should go in:

Every packet says what range of bytes it has. Like this:

  "once upon a ti"     <- bytes 0-13
  "agical oyster"      <- bytes 30-42
  "me there was a m"   <- bytes 14-29

Then the client can assemble all the pieces into:

  "once upon a time there was a magical oyster"

The position of the first byte (0, 14, 30 in our example) is called the "sequence number".

how to deal with lost packets:

When you get TCP data, you have to acknowledge it (ACK):

  server: "here is part of a cat picture; that should be 28832 bytes so far"
  client: "ACK! I have received all 28832 bytes"

If the server doesn't get an ACKnowledgement, it will retry sending the data.

networking layers

Networking layers mostly correspond to different sections of a packet. I don't always find this useful, but it's good to know what "layer 4" means.

Layer 1: wires + radio waves
  the bits themselves

Layer 2: Ethernet/wifi protocol
  | destination MAC addr | source MAC addr | type |
  Your network card understands it.

Layer 3: IP addresses
  | ... | TTL | protocol | header checksum | source IP address | destination IP address |
  Routers look at this to decide where to send the packet next.

Layer 4: TCP/UDP
  Where you get your ports!
  A router in the middle ignores layer 4 and above: "I only know about IP addresses. I don't even know what a port is, let alone what the packet says."

Layer 7: HTTP and friends
  Routers ignore this layer, mostly. DNS queries, emails, etc. go here.

who uses which layer?
- network card: layers 1+2
- home router: layers 2+3+4
- applications: mostly layer 7, but also layer 4 for the port

The cool thing is that the layers are mostly independent of each other: you can change the IP address (layer 3) and not worry about layers 4-7.
HTTP

Step 4: Finally we can request cat.png!

Every time you get a webpage or see an image online, you're using HTTP.

HTTP is a pretty simple plaintext protocol. In fact, it's so simple that you can make an HTTP request by hand right now. Let's do it!!!

$ printf "GET / HTTP/1.1\r\nHost: example.com\r\n\r\n" | nc example.com 80

The nc command ("netcat") sets up a TCP connection to example.com and sends the HTTP request you wrote! The response we get back looks like:

HTTP/1.1 200 OK
Content-Length: 120321
... headers ...

<html>
<body>
... more HTML
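To show what those bytes look like from a program's point of view, here is an added Python example (not code from the zine) that builds the same request the printf | nc command sends and parses an HTTP/1.1 message back into its start line, headers and body. It uses Content-Length to find where the body ends, and it refuses the malformed messages that cause real trouble: a request with no Host header (a server should answer 400), headers that never terminate, and two Content-Length headers that disagree, which is the classic way to get two proxies to disagree about where one request ends and the next begins. The sample response is constructed inline so the example runs offline; `fetch` does the live version over a socket if you have network access. The function names are the example's own.

```python
from __future__ import annotations
import socket

# Constructed response for the offline demo, shaped like the nc output above (not a real server's reply).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 28\r\n"
    b"Set-Cookie: session=abc123; HttpOnly\r\n"
    b"\r\n"
    b"<html><body>hi</body></html>"
)


def build_request(host: str, path: str = "/", user_agent: str = "zine") -> bytes:
    """The same bytes the printf | nc command sends, plus User-Agent and Connection: close."""
    lines = [f"GET {path} HTTP/1.1", f"Host: {host}", f"User-Agent: {user_agent}", "Connection: close"]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def parse_message(raw: bytes) -> tuple[str, dict[str, str], bytes]:
    """Split an HTTP/1.1 message into (start line, headers, body). Same framing for requests and responses."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete: the blank line ending the headers never arrived")
    start, *header_lines = head.decode("iso-8859-1").split("\r\n")
    headers: dict[str, str] = {}
    for line in header_lines:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        name, value = name.lower(), value.strip()             # header names are case-insensitive
        if name == "content-length" and headers.get(name, value) != value:
            raise ValueError("conflicting Content-Length headers")  # request-smuggling ingredient
        headers[name] = value
    body = rest
    if "content-length" in headers:
        if not headers["content-length"].isdigit():
            raise ValueError("Content-Length is not a number")
        length = int(headers["content-length"])
        if len(rest) < length:
            raise ValueError(f"body truncated: have {len(rest)} of {length} bytes")
        body = rest[:length]                                   # anything past this is the next message
    return start, headers, body


def parse_request(raw: bytes) -> dict:
    start, headers, body = parse_message(raw)
    try:
        method, target, version = start.split(" ")
    except ValueError:
        raise ValueError(f"bad request line: {start!r}") from None
    if version == "HTTP/1.1" and "host" not in headers:
        raise ValueError("HTTP/1.1 requires a Host header")    # a server answers this with 400
    return {"method": method, "target": target, "version": version, "headers": headers, "body": body}


def parse_response(raw: bytes) -> dict:
    start, headers, body = parse_message(raw)
    parts = start.split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError(f"bad status line: {start!r}")
    return {"version": parts[0], "status": int(parts[1]), "reason": parts[2] if len(parts) > 2 else "",
            "headers": headers, "body": body}


def fetch(host: str, path: str = "/", port: int = 80) -> dict:
    """What `nc example.com 80` did by hand: open a TCP connection, send the request, read until close."""
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(build_request(host, path))
        chunks = []
        while chunk := sock.recv(4096):     # Connection: close, so EOF marks the end of the response
            chunks.append(chunk)
    return parse_response(b"".join(chunks))


if __name__ == "__main__":
    print(parse_request(build_request("jvns.ca", "/cat.png")))
    print(parse_response(SAMPLE_RESPONSE))
```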





"I've heard of HTTP/2, what's that?"

HTTP/2 is the next version of HTTP. Some big differences are that it's a binary protocol, you can make multiple requests at the same time, and in practice you have to use TLS (the spec allows cleartext HTTP/2, but browsers only speak it over TLS).


important HTTP headers

This is an HTTP request:

GET /cat.png HTTP/1.1
Host: jvns.ca
User-Agent: zine

The User-Agent and Host lines are called "headers". They give the webserver extra information about what webpage you want!

the Host header (my favorite):

  client: "GET /cat.png"
  server: "dude, do you even know how many websites I serve? You gotta be more specific."
  client: "GET /cat.png, Host: jvns.ca"
  server: "NOW we're talking."

Most servers serve lots of different websites. The Host header lets you pick the one you want.

Servers also send response headers with extra information about the response.

More useful headers:

- User-Agent: tells the server if you're using an old browser or if you're a bot.
- Accept-Encoding: lots of servers want to save bandwidth. Set this to "gzip" and the server might compress your response.
- Cookie: when you're logged into a website, your browser sends data in this header! This is how the server knows you're logged in. (It's also why a stolen cookie is as good as a password.)


